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DECLARATION IN SUPPORT OF APPLICANTS' 
DECLARATION UNDER 37 C.F.R. §l,13l 

To: Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 2231 3-1450 

Dear Sir: 

Robert R. Gcnsler, Jr., Serban C. Maerean, Clarence B. Parker, Jr. and Hemant R. Suri 
declare as follows: 

1 . At some time prior to April 7, 2001 , Applicants conceived of a method for providing 
security services in a clustered data processing environment, said method comprising the steps of 
providing an access program layer on at least two data processing nodes of said clustered 
environment, said layer presenting a consistent security interface, from at least two of said nodes 
to two at least two types of security program module which implement a security service on 
different nodes within said cluster, to applications which run on said nodes and which access a 
same one of said at least two types of security program nK>du]es on different nodes» through said 
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consistent interface; and providing at least one adsq^ter module for each security program 
module, wherein said at least one adapter module maps parameters of said security service to 
said security interface, whereby applications running on different nodes do not req\iire 
modification to use different security program modules. 

2. At some time prior to April 7, 2001 > Applicants conceived of the invention described 
in paragraph 1 hereof in which there are a plurality of more dian two of said data processing 
nodes. 

3. At some time prior to April 7, 2001 , Applicants conceived of the invention described 
in paragrq>h 1 hereof in which there are a plurality of security program modules. 

4. At some time prior to April 7, 2001 , Applicants conceived of the invention described 
in paragraph 1 hereof in which there are a plurality of said adapter modules. 

5 . At some time prior to April 7, 2001 , Applicants conceived of the invention described 
in paragraph 1 hereof in which said access program layer includes authentication and 
authorization services through said security interface. 

6. At some time prior to April 7, 2001 , Applicants conceived of die invention described 
in paragr^h 1 hereof in which said access program layer includes access control services 
through said security interface. 

7. At some time prior to April 7. 2001, Applicants conceived of the invention described 
in paragr£4>h 6 hereof in which said access control services includes entries grouped by at least 
one characteristic selected from the group consisting of type, mechanism, identity and 
permission bit mask. 

8. At some time prior to April 7, 2001 , Applicants conceived of the invention described 
in paragraph 1 hereof in which said access program layer loads one or nx)re security program 
modules identified through said security interface. 
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9. At all times relevant hereto, Applicants were and are full-time employees of the 
Assignee, International Business Machines Corporation ("IBM") in the United States and all 
activities and events discussed herein took place in the United States. 

1 0. At some time prior to April 7, 2001 , Applicants described ttieir invention in detail in a 
document entitled Xluster Security Services (CtS) Generic Authentication and ACL 
Management," selected portions of which are annexed hereto and made part hereof as Exhibit 
"A". 

1 1 . On or at some time prior to June 13, 2001 , Applicants actually reduced their invention 
(e.g., the methods described herein above and claimed in the pending claims) to practice as 
evidenced by the "Change History Report,'* selected portions of which are armexed hereto and 
made part hereof as Exhibit '*B'*. As an example, item **name" 74869 found on p. 14 of Ae 
report and having an "addDate" of June 1 3, 2001 and a 'Modify** action entry date of June 13, 
2001 represents the point in Applicants' product implementation cycle prior to which the 
invention was demonstrated to be fully functional in operating prototypes. 

12. The Change History Report identifies, among other information, "defects" that were 
uncovered in IBM intemzd functional verification testing. Once a defect was reported, it was 
corrected by making appropriate source code modifications. Modifications were made on June 
13, 2001 to correct defect name 74869. Based upon the information in the "abstract" and '*notes" 
fields of the Change History Report, Applicants know that no defects relating to the functionality 
of the invention (e.g., relating to the performance of tfie methods described herein above and 
claimed in the pending claims) were reported after June 1 3, 2001 . All defects reported after that 
date were for minor defects that had no effect on su<di functionality. 

1 3. On or at some time prior to June 13, 2001, Applicants' invention was implenr»ented in 
a prototj^e, which operated successfully and performed the methods ttat the invention was 
intended to perform, namely the methods described hereinabove in paragraphs 1 through 8, and 
claimed in pending claims 13 through 20. 
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14. During the entire period of time starting prior to April 7, 2001 and contiTiuing thit>ugh 
June 1 3, 2001 , Applicants were assigned by IBM to work full-time on tfie development of the 
invention. During that time, Applicants worked full-time on developing the invention, including, 
but not limited to, participating in the performance of functional verification testing, making 
product refinements, such as writing additional source code to refine and enhance the 
functionality of the source code, and performing necessary administrative and procedural 
functions. 

1 5. Annexed hereto and made a part hereof as Exhibit "C" is a document entitled 
"Cluster Security: Secured Execution Environment System Design'* dated April 16^ 2001 that 
provides a detailed description of the invention, which updates the description that was provided 
in the Cluster Security Services (CtS) document annexed hereto as Exhibit "A". 

16. Annexed hereto and made a part hereof as Exhibit "D" is a document entitled ''Source 
Code History Report" in which various activities, and the dates of those activities, associated 
with the development of Applicants' invention are reported. The report lists the various source 
code modules of the invention and identifies when modifications to those modules were made in 
IBM's source code repository. Other such activities are reported on the Change History Report 
(Exhibit "B" hereto). These two reports represent a small fraction of all activity associated with 
the development and testing of Applicants' invention during the period from just prior to April 7, 
2001 tfuough June 1 3, 2001 . On dates that are not represented in the reports. Applicants were 
wotking full time on the development and testing of the invention. Most of Applicant's source 
code development activities associated with the invention were performed on local workstations, 
and those activities are not reflected in the reports. 

1 7. All of the Exhibits annexed hereto are documents that were prepared and maintained 
in the ordinary course of business of the Assignee, International Business Machines Corporation 
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DECLARATION IN SUPPORT OF APPLICANTS' 
DECLARATION UNDER 37 CF-R. §1.131 

To: Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 

Dear Sir: 

Robert R. Gensler, Jr., Serban C, Macrean, Clarence B, Parker, Jr. and Hemant R. Suri 
declare as follows: 

1 .At some time prior to April 7» 2001 , Applicants conceived of a method for providing 
security services in a clustered data processing environment, said method comprising the steps of 
providing an access program layer on at least two dala processing nodes of said clustered 
environment, said layer presenting a consistent security interface, from at least two of said nodes 
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lo iwo at least iwo types of sccufliy program module which implemem a sccuriiy service on 
dirrcrent nodesi wilhin said Cluster, to applications which run on said nodes and which access a 
same one of staid at least two types of security program modules on different nodes, through j^aid 
consistent interface; and providing at least one adapter module for each security program 
module, wherein said at least one adapter module maps parameters of said security service to 
s^d security interface, whereby applications running on different nodes do not require 
modification to use different securi^ program modules. 

2 At some time prior to April 7, 2001 , Applicants conceived of the invention described in 
paragraph 1 hereof in which there are a plurality of more than two of said data processing nodes. 

3. At some lime prior to April 7, 2001 , Applicants conceived of the invention described in 
paragraph 1 hereof in which there are a plurality of security program modules* 

4. At some time prior to April 7, 2001, Applicants conceived of the invention described in 
paragraph 1 hereof in which there are a pliu^ity of said adapter modules. 

5. At some tin>e prior to April 7, 2001 , Applicants conceived of the invention described in 
paragraph 1 hereof in which said access program layer includes authentication and authorization 
services through said security interface. 

6. At some time prior to April 7, 2001, Applicants conceived of the invention described in 
paragraph 1 hereof in which said access program layer includes access control services through 
said security interface, 

7. At some time prior to AprQ 7, 2001, Applicants conceived of the invention described in 
paragr^h 6 hereof in whidi said access control services includes entries grouped by at least one 
characteristic selected from flic group consisting of type, mechanism, identity and permission bit 
mask. 
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8, At some time prior to April 7, 2001, Applicants <^ngeived of the invention described in 
piirttgniph I hereof in which said access program layer loads one or more security program 
modules idcnti^ed through said security interface. 

9. At all times relevant hereto* Applicants were and are full-time employees of the 
Assignee, International Business Machines Corporation ("IBM") in the United States and all 
activities and events discussed herein took place in the United States. 

10 At some time prior to April 7, 2001 . Applicants described their invention in detail in a 
document entitled "Cluster Security Services (CtS) Generic Authentication and ACL 
Management," selected portions of which are annexed hereto and made part hereof as Exhibit 
"A". 

11 .On or at some time prior to June 1 3, 2001 , Applicants actually reduced their invention 
(e.g., the methods described herein above and claimed in the pending claims) to practice as 

; evidenced by the "Change History Report," selected portions of which are annexed hereto and 

made part hereof as Exhibit "B". As an example, item "name" 74869 found on p. 14 of the 
report and having an "addDate" of June 13, 2001 and a "modify" action entry date of June 13, 
2001 represents the point in Applicants* product implementation cycle prior to which the 
invention was demonstrated to be fully functional in operating prototypes. 

1 2,The Change History Report identifies, among other infomcuition, "defects" that were 
uncovered in IBM internal functional verification testing. Once a defect was reported, it was 
corrected by making appropriate source code modifications. Modifications were made on June 
1 3, 2001 to correct defect name 74869. Based upon the information in the "abstract" and 
*'notes" fields of the Change History Rcpon, Applicants know that no defects relating to the 
functionality of the invention (eg., relating to the performance of the methods described herein 
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above and claimed in the pending claims) were reported after June 13, 200 1 . All defects 
reported after that date were for minor defects that had no effect on such funcHoDSdity. 

1 3.0n or at some time prior to June 1 3, 2001 , Applicants' invention was implemented in 
a prototype, which operated successfuHy and performed die methods that the invention was 
intended to perfonn, namely the methods described hereinabove in paragraphs 1 through 8, and 
claimed in pending claims 13 through 20. 

14. During the entire period of Ume starting prior to April 7, 2001 and continuing through 
June 1 3, 2001, Applicants were assigned by IBM lo work full-time on the development of the 
invention. During that time, Applicants worlced full-time on developing the invention, including, 
but not limited to, participating in the perfoiraance of functional verification testing, making 
product refinements, such as writing additional source code to refine and enhance the 
fiinctionality of the source code, and performing necessary administrative and procedural 
functions. 

15. Annexed hereto and made a part hereof as Exhibit *'C" is a document entided *X3uster 
Security: Secured Execution Environment System Design" dated April 16, 2001 that provides a 
detailed description of the invention* which updates the description that was providel in the 
Cluster Security Services (QS) document annexed hetBto as Exhibit ^'A**. 

1 6. Anne^icd hereto and made a part hereof as Exhibit "D" is a document entiOed •*Souice 
Code History Report" in which various activiti^, and the d^es of tfiave activities, associated 
with die development of Applicants' invention are reported. The report lists the various source 
code modules of the invention and identifies when modifications to those modules were made in 
roM's source code repository. Odier such activities are reported on the Change History Report 
(Exhibit "B** hereto). Thesse two reports represent a small fraction of all activity associated with 
the development and testing of Applicants' invention during die period from just prior to April 7. 
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20O1 through June 13, 2001 . On dales that are not represented in the reports. Applicants were 
working full time on the developmeni and testing of the InveDtion. Most of Applicant's source 
code development HCti vities af«oclated with the Invention were performed on local workstations, 
and those activities are not reflected in the reports. 

17.AI1 of the Exhibits annexed hereto are documents that were prepared and maintained 
in the ordinary course of business of the Assignee, IntemaUonal Business Machines Corpoijation 
("IBM*')' 



Date: 



Robert R, Gensler, Jr 
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